Cybersecurity

Chinese spy chips are found in hardware used by Apple, Amazon, Bloomberg says; Apple, AWS say no way

Key Points
  • The chip could have enabled China to view the network of several companies, but Apple, AWS and Super Micro deny the claims, according to a report by Bloomberg BusinessWeek.
  • Apple, AWS and Super Micro dispute the report.
Amazon and Apple data equipment hacked by China with super small chips, says Bloomberg
VIDEO1:1801:18
Amazon and Apple hacked by China, says Bloomberg

Data center equipment run by Amazon Web Services and Apple may have been subject to surveillance from the Chinese government via a tiny microchip inserted during the equipment manufacturing process, according to a Bloomberg BusinessWeek report on Thursday. The claims in the report have been strongly disputed by the technology giants.

The chips, which Bloomberg said have been the subject of a top secret U.S. government investigation starting in 2015, were used for gathering intellectual property and trade secrets from American companies and may have been introduced by Super Micro, a Silicon Valley company that manufacturers parts for servers in China.

Apple, AWS and Super Micro dispute the report. Apple said it did not find the chips as asserted by BusinessWeek — which cited anonymous government and corporate sources. Super Micro reportedly denied that it introduced the chips during the manufacturing.

Shares of Super Micro plummeted more than 40 percent following the report. Trading of the small server company's common stock on the Nasdaq was suspended on Aug. 23 after repeatedly missing SEC filing deadlines. Super Micro shares now trade on over-the-counter markets.

Apple shares edged 1 percent lower in Thursday trading, while Amazon fell about 1.5 percent.

Asked by CNBC for comment, Apple reiterated its strong denials of the report, stating: "We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."

AWS has also denied the report, telling CNBC in a statement, "As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems.‎"

A statement from the China foreign ministry said "China is a resolute defender of cybersecurity."

US government concerned about supply chain security, says Crowdstrike president
VIDEO4:1504:15
US government concerned about supply chain security, says Crowdstrike president

According to Bloomberg, the problem was discovered in 2015 and confirmed by independent security investigators hired by the cloud providers. Super Micro servers were removed by Apple that year, according to the report, which also asserts ties with Super Micro were severed in 2016. A follow-up investigation involving several government agencies was conducted, as well. Apple and AWS deny these moves involving Super Micro were related to chip worries. No consumer data was stolen as part of the alleged campaign, according to the report.

China has long been suspected — but rarely directly implicated — in en masse spy campaigns based on hardware made there. The majority of electronic components used in U.S. technology are manufactured in China. Companies including component manufacturers Huawei and ZTE, as well as surveillance camera maker Hikvision, have all fallen under intense suspicion and scrutiny from the U.S. government in the past year.

Intellectual property theft is one of the core arguments for tough trade restrictions on China by the Trump administration.

Read the complete Bloomberg BusinessWeek report here.